cgroup-lite not installable inside 'lxc create -t ubuntu' container

Bug #924281 reported by Scott Moser
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
lxc (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

Inside a cgroup created by juju (with 'lxc create -t ubuntu'), libvirt-bin was attempted to be installed.

libvirt-bin depends on cgroup-lite (or cgroup-bin) and cgroup-lite tries to be installed:

# sudo apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up cgroup-lite (1.0) ...
start: Job failed to start
invoke-rc.d: initscript cgroup-lite, action "start" failed.
dpkg: error processing cgroup-lite (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of libvirt-bin:
 libvirt-bin depends on cgroup-lite | cgroup-bin; however:
  Package cgroup-lite is not configured yet.
  Package cgroup-bin is not installed.
dpkg: error processing libvirt-bin (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
 cgroup-lite
 libvirt-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)

# cgroups-mount
mkdir: cannot create directory `/sys/fs/cgroup/cpuset': Permission denied

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cgroup-lite 1.0
ProcVersionSignature: User Name 3.2.0-12.20-virtual 3.2.2
Uname: Linux 3.2.0-12-virtual x86_64
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
Date: Tue Jan 31 13:06:20 2012
Dependencies:

Ec2AMI: ami-00000132
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cgroup-lite
UpgradeStatus: No upgrade log present (probably fresh install)

Changed in cgroup-lite (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Serge Hallyn (serge-hallyn) wrote :

The apparmor policy needs to be updated - /sys/fs/cgroup should be permitted. (other subdirs of /sys/fs/ should be denied)

(When the mount permissions are here, we'll have a much more detailed policy regarding cgroups.)

tags: added: rls-mgr-p-tracking
Steve Langasek (vorlon) wrote :

Fixed in the latest lxc upload.

affects: cgroup-lite (Ubuntu) → lxc (Ubuntu)
Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
Gary Poster (gary) wrote :

If someone encounters these symptoms in Precise, the more detailed instructions to fix it are to adjust apparmor as described in http://www.stgraber.org/2012/05/04/lxc-in-ubuntu-12-04-lts/ , in the section labeled "Container nesting." The apparmor change is part of Quantal, so the blog post's steps should no longer be necessary after Precise.
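
A host-side check for the cause named in the comments above, as an added example that is not part of the bug report or of lxc: it reads kernel or audit log text on stdin and summarises AppArmor denials whose path is under /sys/fs/cgroup, grouped by profile and operation. The log lines and the profile name `example-container-profile` are constructed for illustration.

```shell
#!/bin/sh
# Summarise AppArmor denials under /sys/fs/cgroup from log text on stdin.
# Output, most frequent first: "<count> <profile> <operation> <path>".
cgroup_denials() {
    awk '
    # Strip the key=" prefix and the closing quote from one key="value" field.
    function val(s) { sub(/^[^=]*="/, "", s); sub(/"$/, "", s); return s }
    /apparmor="DENIED"/ {
        profile = op = name = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^profile="/)   profile = val($i)
            if ($i ~ /^operation="/) op = val($i)
            if ($i ~ /^name="/)      name = val($i)   # anchored: skips srcname=
        }
        # Only the cgroup tree; other /sys/fs subdirectories are out of scope.
        if (name == "/sys/fs/cgroup" || index(name, "/sys/fs/cgroup/") == 1)
            n[profile " " op " " name]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample input: two mkdir denials and one mount denial on the
# cgroup tree, one unrelated denial, and one ALLOWED (complain-mode) entry.
sample_log() {
cat <<'EOF'
kernel: [100.1] type=1400 audit(1328015180.000:10): apparmor="DENIED" operation="mkdir" parent=1 profile="example-container-profile" name="/sys/fs/cgroup/cpuset/" pid=2001 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
kernel: [100.2] type=1400 audit(1328015181.000:11): apparmor="DENIED" operation="mkdir" parent=1 profile="example-container-profile" name="/sys/fs/cgroup/cpuset/" pid=2002 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
kernel: [100.3] type=1400 audit(1328015182.000:12): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="example-container-profile" name="/sys/fs/cgroup/cpuset/" pid=2003 comm="mount" fstype="cgroup" srcname="cgroup" flags="rw"
kernel: [100.4] type=1400 audit(1328015183.000:13): apparmor="DENIED" operation="open" parent=1 profile="example-container-profile" name="/sys/fs/fuse/connections/" pid=2004 comm="ls" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: [100.5] type=1400 audit(1328015184.000:14): apparmor="ALLOWED" operation="open" parent=1 profile="example-container-profile" name="/sys/fs/cgroup/cpuset/tasks" pid=2005 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

sample_log | cgroup_denials
```

A non-empty result for the container's profile indicates the failure comes from AppArmor confinement rather than ordinary file permissions inside the container.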

Jian Wen (wenjianhn) wrote :

When I deployed the mysql charm, cgroup-lite failed to start in the lxc instance.

root 21536 0.0 0.0 21168 1032 ? Ss 06:57 0:00 lxc-start --daemon -n jian-local-machine-1 -c /var/lib/juju/containers/jian-local-machine-1/console.log -o /var/lib/juju/containers/jian-local-machine-1/container.log -l DEBUG

ubuntu@jian-local-machine-1:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.3 LTS
Release: 12.04
Codename: precise

ubuntu@jian-local-machine-1:~$ uname -a
Linux jian-local-machine-1 3.5.0-42-generic #65~precise1-Ubuntu SMP Wed Oct 2 20:57:18 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

ubuntu@jian-local-machine-1:~$ sudo cat /var/log/upstart/cgroup-lite.log
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
umount: cpuset: not mounted
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
umount: cpuset: not mounted
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
umount: cpuset: not mounted
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
umount: cpuset: not mounted
